CLI Reference Guide
Defining a Mobility Domain 91
The client uses the same authorization parameters for the new session
as for the old session. For example, changing the Encryption-Type or
VLAN-Name parameter might cause a new session to be recorded,
rather than a roam within the same session.
A disassociated session has a grace period of 5 seconds in which the
session history can be retrieved and forwarded. After 5 seconds, the
session is cleared, and its accounting is stopped. You cannot configure
the grace period.
If the client MAC address in a Mobility Domain is not found in 5 seconds,
the session is considered new.
The 802.1X reauthentication timeout has little impact on roaming. If the
timeout lapses, 802.1X processing is performed on the existing
association. Accounting and roaming history are not affected if the
reauthentication is successful, because the client is still associated with
the same MAP. If reauthentication fails, the session is cleared, and it is
not eligible for roaming. If the client associates to the same MAP, that is
recorded as a new session.
Roaming creates the following effects:
Remote Authentication Dial-In User Service (RADIUS) accounting is
treated as a continuation of an existing session, rather than a new
one.
For tracked users, you can view roaming history in the Monitor tab.
See “Using the Client Monitor Window” on page 367.
The old session is cleared from the WX, even if the client did not
explicitly disassociate from the MAP and the 802.1X reauthentication
interval has not lapsed.
Traffic Ports Used by
a Mobility Domain
When deploying a Mobility Domain, you might attach the WX switches to
subnets that have firewalls or access controls between them. Within a
Mobility Domain, the WX switches exchange information and other types
of traffic, depending on your configuration of AAA and various
management services.
Table 13 provides a summary of the traffic ports typically used by a
Mobility Domain and its associated AAA and management functions.